Bad admin or some more malicious act sent requests down the wrong pipe.

For about a half hour on Saturday, some requests to one of Google’s DNS servers in the US were re-routed through a network in Venezuela. A false Border Gateway Protocol (BGP) announcement from the Venezuelan network caused the diversion, which affected networks primarily in Venezuela and Brazil, as well as a university network in Florida. It all started at 5:23pm Greenwich Time (UTC).

Andree Toonk of the network monitoring service BGPmon.net told Ars that the false routing request was dropped 23 minutes later, “most likely because the network that announced this route realized what happened and rolled back the change (to their router) that caused this.” During the intervening period, he said, traffic may have been re-routed back to Google, or it just may have been dropped. The result was failed DNS requests for those on the affected networks.

Network rerouting through bogus BGP “announcements”—advertisements sent between routers that are supposed to provide information on the quickest route over the Internet to a specific IP address, such as the Google DNS service’s 8.8.8.8—has become increasingly common as a tool for Internet censorship. Such announcements are used to stage “man-in-the-middle” attacks on Web users and to passively monitor traffic to certain domains.

As Ars’ Dan Goodin reported in November, researchers at Renesys found that large swaths of Internet traffic belonging to government agencies, ISPs, and financial institutions have been diverted over and over by BGP exploits, being herded by routers through suspicious networks where they may have been subjected to monitoring or attack. But these sorts of reroutes also happen frequently because of network misconfiguration.

Route advertisements for ranges of IP addresses are sent between routers with a classless inter-domain routing (CIDR) numeric suffix to specify the size of the address range they’re routing to. The most common advertisements use a CIDR suffix of /24 (for example, 8.8.8.0/24), which specifies a block of 256 IP addresses (8.8.8.0 to 8.8.8.255). But the request that hijacked Google’s DNS server address used a CIDR suffix of /32, making it specific to a single IP address. As a result, the request wasn’t propagated as widely as it might have been, Toonk said, but it made the request much more effective at diverting traffic.

“The good thing is that many networks filter routes more specific than a /24, so a more specific /32 route is typically not propagated very far,” Toonk said. “This would have limited the scope and impact of this incident. The bad news is that a /32 route is always selected over the 8.8.8.0/24 route that is normally announced by Google.” As a result, any router that received the bogus advertisement and didn’t filter it out would automatically use its routing data to forward packets carrying DNS requests for Google.
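The two mechanisms Toonk describes, longest-prefix-match selection (a /32 always wins over a covering /24) and ingress filtering of overly specific prefixes, are easy to see in a small simulation. The following Python script is an added example, not code from the article, BGPmon or Renesys; the routes, next hops and AS numbers (taken from the reserved documentation ranges) are constructed, and the origin-AS table stands in for an IRR-style registry such as the RADB mentioned in the comments.

```python
import ipaddress
from dataclasses import dataclass

# Constructed announcements. AS numbers are from the RFC 5398 documentation
# range and next hops from RFC 5737 test networks; none are real operators.


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    origin_as: int
    next_hop: str


GOOGLE_DNS = "8.8.8.8"
# The legitimate covering route, as Google normally announces it.
LEGIT = Route(ipaddress.IPv4Network("8.8.8.0/24"), 64496, "192.0.2.1")
# A leaked host route for the single resolver address (the incident's shape).
BOGUS = Route(ipaddress.IPv4Network("8.8.8.8/32"), 64511, "198.51.100.1")
# Constructed stand-in for a route-object registry: (prefix, registered origin AS).
IRR = [(ipaddress.IPv4Network("8.8.8.0/24"), 64496)]


def select_route(rib, dst):
    """Longest-prefix match: of all routes covering dst, the most specific wins."""
    dst = ipaddress.IPv4Address(dst)
    candidates = [r for r in rib if dst in r.prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.prefix.prefixlen)


def accept_announcement(route, max_prefixlen=24, expected_origins=None):
    """Ingress policy a transit network might apply before installing a route.

    Returns (accepted, reason). Two checks: drop anything more specific than
    /max_prefixlen, and, when a registry table is given, drop routes whose
    origin AS is not registered for a prefix that covers the announced one.
    """
    if route.prefix.prefixlen > max_prefixlen:
        return False, "prefix more specific than /%d" % max_prefixlen
    if expected_origins is not None:
        allowed = {asn for pfx, asn in expected_origins if route.prefix.subnet_of(pfx)}
        if not allowed:
            return False, "no registered route object covers %s" % route.prefix
        if route.origin_as not in allowed:
            return False, "origin AS%d not registered for %s" % (route.origin_as, route.prefix)
    return True, "accepted"


def no_filter(route):
    """Policy of a network that accepts whatever its peers send."""
    return True, "no filter"


def default_filter(route):
    """Policy combining the /24 length limit with the registry check."""
    return accept_announcement(route, max_prefixlen=24, expected_origins=IRR)


def install(announcements, policy):
    """Run each announcement through the policy; return (rib, rejections)."""
    rib, rejected = [], []
    for r in announcements:
        ok, why = policy(r)
        if ok:
            rib.append(r)
        else:
            rejected.append((r, why))
    return rib, rejected


if __name__ == "__main__":
    for name, policy in (("unfiltered", no_filter), ("filtered", default_filter)):
        rib, rejected = install([LEGIT, BOGUS], policy)
        best = select_route(rib, GOOGLE_DNS)
        print("%s: %s -> %s via %s (AS%d)" % (name, GOOGLE_DNS, best.prefix, best.next_hop, best.origin_as))
        for route, why in rejected:
            print("  rejected %s from AS%d: %s" % (route.prefix, route.origin_as, why))
```

The unfiltered router forwards 8.8.8.8 traffic toward the /32's next hop even though the /24 is still in its table, which is exactly why the leak diverted queries; the filtered router never installs the /32, so the /24 keeps winning. The registry check also catches the other common shape of a hijack, a same-length 8.8.8.0/24 announced from an unregistered origin, which the length limit alone would let through.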

It’s theoretically possible that the diversion of traffic could have been used to intercept and alter DNS requests. However, there’s no evidence to suggest that, Toonk said. And Renesys’ Doug Madory told Ars that other signs point to it being an issue of someone screwing up weekend router maintenance.

The network that sent the request, Madory said, “leaked other internal routes earlier in the day. So I suppose someone was tinkering with the network over the weekend. We see routing goof-ups like this almost every day.” The same network, he said, is also advertising routes for a network address block in China. That's likely because it's using the IP range for an internal private address block on its network.

Madory added that since Google DNS usually routes regionally—and that the Google DNS service for South America is hosted at locations in Buenos Aires, São Paulo and Santiago—the router advertisement may have been intended to tweak DNS performance on the local network by forwarding requests to Google’s US servers instead. “For five months, Google was re-routing Google DNS queries from South America back to the US for resolution. Local resolution returned to South America last month. Google never offered an explanation for the change in service other than it was an ‘operational issue.’”

The communist government of Venezuela is censoring websites like dolartoday.com, mobile apps like Zello and is actively monitoring Twitter and Facebook accounts. The people are using Google DNS to avoid the censorship. This threat is the Venezuelan government and its allies from Argentina and Brazil trying to hijack Google DNS's requests to keep spying on their own people.

Probably not many. As the article says almost every network operator filters any route advertisements smaller than a /24. This kind of stuff is not terribly uncommon on the internet due to configuration mistakes but is caught pretty quickly and only makes the news when it's the IP address of a big company such as Google. Unfortunately these headlines translate to "Google's DNS got hacked" to the layperson, when in reality some network engineer at BT probably just made a mistake during his change window.


Legit ISPs don't even see this mess, they are connected to upstreams that use RADB and don't even hear totally bogus routes like this.

Same sort of sloppy BS that enables all the NTP DDoS - "real" providers filter BGP stuff based on an external DB like RADB, but tiny providers that brought in some dude for a day to set up BGP, not so much. Dude also skips uRPF just because...

Leaving politics and ideology aside, there are precedents to consider... back in 2012 Malaysia had a similar situation but the outage was wider and more pronounced. A different precedent is the fact that phishing sites for social networks have been found on Venezuela's government-operated ISP servers not that long ago http://orvtech.com/en/general/gobierno-venezolano-elecciones-proxy-twitter/

"(In a meeting with ISPs, ISP) Conatel now has the goal of anyone censor news content that affects the image of the government, but they have a problem," (journalist Alfredo) Meza wrote on his Twitter account.


Probably complete bullshit. You are probably not old enough to realise this but this all happened before in a lot of countries in that region. The U.S. and the US media are probably lying through their teeth this time also

I downvoted you because you are probably not Venezuelan, not living in Venezuela, or even know anyone in Venezuela and yet you disregard what is happening here because it smells of "Imperialist propaganda". I and many others that DO live this and much much worse things every day, things that would make your stale potatoes run from your lap in fear, would like to tell you that this time, it's not US media lying to you...


I agree with you. I have a relative living in Venezuela whose friend was killed by one of those chavista thugs, and shameless assholes like grrrr who defend the communist regime of Venezuela sicken me.

It's no wonder the communist regime called grrrr and communist apologists "useful idiots".

Out of curiosity, is it possible for someone to break into an internet transit provider's systems and change BGP routes for more nefarious purposes (say, for instance, to redirect Ars traffic to another website)?

Because if so, I believe that would be the next generation of online attacks.


This is possible, yes, but is hardly next gen.

I was thinking next-gen along the lines of "As soon as current attacks are more or less thwarted almost universally, what should we start doing?"


These types of 'attacks' are fortunately very rare on well configured networks. Between well configured IP access control and running everything from a logically separated management network, you'd have to find some pretty neat exploit in the router itself to breach it.

Not saying it's not possible, because I wouldn't know much about that, but I can imagine that it would be much more difficult to hack a well managed router than it would be to crack into even a well managed web server.

Can someone explain to me why people use Google's DNS servers? (genuine question) Are they faster? Better? More reliable? Less prone to privacy violations? In which way are they better than using your ISP's?


It is an old attack model which is why it won't be next gen. Part of the reason for filtering RADB and similar measures is that this is an attack vector that is well documented.


They don't belong to your ISP. Google's free DNS is one of the ones that gets recommended when users ask how they can avoid using their local DNS. Causes for looking for this kind of service are often privacy, censorship, traffic shaping and other ISP behaviors that affect your connection. OpenDNS is another popular one.

It can occasionally backfire as noted in this APC commentary (Australian tech site & magazine)

The reason Google is doing this is because both Sao Paulo and Buenos Aires are in communist countries which cannot be trusted for network traffic. They are big fans of Venezuela, Cuba...

Google DNS servers are used by a lot of users for one reason: "They don't trust their ISP enough to use local servers", and so it comes as no wonder that Google realized that using local POPs is a bad idea. This is particularly true of how these governments aligned with Venezuela, which is a big fan of Cuba, maintain the regime even if it means shooting people.

Brazil has not hidden the fact they plan to use their own solutions as well because they don't trust the US, and Argentina sadly is becoming the new Venezuela; let's not forget who financed their current government, Chavez money. Any person or group that is motivated by extremism, both religious or political, taps Internet connections of users without a second blink. In Venezuela the government has shut down the Internet in big parts because people were using Twitter and other websites to post what was going on, since the media there is banned almost completely.

I know that Google is trying to change back some services to the US because of these reasons; those governments are tapping connections to find users that are not aligned with them. This is in response to why Google is trying to move some of these services back to the US.


They are more reliable, and some users prefer Google resolving the websites they visit instead of their ISP doing it; privacy and censorship are some of the ideas that came to my mind. Imagine your ISP has the list of every domain you hit on the Internet.

What happens if your ISP decides to resolve gmail.com to their own servers? They now have your Gmail logins. Same for banking or anything else. Only one evil employee in your ISP or just assume their DNS servers are hacked and their users are doomed. Do you visit adult sites? Your ISP knows about it.


Yes, but it requires a major screw up, and those that handle BGP are not newbie techs, so they usually know how to secure their systems. Usually in most cases it's an internal attack, which means it's a high level attack, usually governments that have control over some Internet service providers and so have control over major BGP sessions of their users. It's actually very easy but you need to have control over these systems; this means owning them or having access to the admins that do. Since these can't usually be accessed remotely and only on site, that gives you a good idea of who is doing it, unless it's a mistake, but redirecting traffic to hijacked servers is not a mistake, it's on purpose even if it's for 5 minutes.

This is why it's an awful idea to have governments involved in ISP services and telecommunications.

Call me naive but, if somebody asks me to censor (filter) a site, wouldn't be easier to do it via an ACL (access control list) than to mess up with the routes?

Isn't this the whole purpose of an ACL, to filter traffic without touching the routing tables?

Cheers!

But ACLs are to block traffic or control access, for example to specific domains or IPs; re-routing means "hijacking" traffic. It's far more effective and usually goes unnoticed.

If I block Google.com, you can't access Google.com, but if I re-route Google.com to my own servers, now I have your Google queries and your logins (if you logged in); this means your user, your password, what you searched, what you typed, etc.

Also, usually governments do not want people to find out; they want to "catch" people that are against the government by posting online, so what they do is "track" where most traffic is going, from where, and who they are, not to mention steal their logins, what they posted, etc. They do it for a couple of minutes and while you think you just tweeted something to the world on Twitter, you actually tweeted to government-controlled servers.

I would advise anyone at home to do a small playground on their own router and see how other family computers can be hijacked in their traffic. Same idea, except it's done at a country-wide level. You usually trust your own devices, except in this case you are supposed to trust the middle man as well: your ISP, the route from your ISP to another ISP, etc.

The truth is that system admins should be highly paid people with high standard morals, not just anyone, otherwise they can do a lot of damage in trust positions.


Yeah...no. Funny how paid shills register accounts only to declare a country is communist when it is not. They have elections, therefore they are social-democrats. You can't even be sure of anything like blaming their government for this. Pretty lame. We detect you all the more easily these days.


Well, you only have my login information if you also have a certificate with google.com on it that you can send with your request (or you send me to an unsecured login page, which--depending on the browser--should either not work or give me a warning when submitting the form data).


Yes the Soviet Union was in fact a Socialist Democracy, so is Red China. In practice both the old USSR and Red China are totalitarian regimes run by the party leaders. By self identification, the old USSR and Red China are Marxist, though the actual government of the countries had/has nothing to do with what Marx actually espoused.

Marxist governments do exist on a small scale with many communes and religious communities practicing pure Marxism, though it is never called that due to the poisoning of that label by the "communists" who spring up with the intention of running a totalitarian regime.

Real communists live communally with all resources shared and major decisions run by common agreement. Political communists rule as dictatorial small groups claiming ownership or at least control of all property and the general population works for the benefit of the rulers.

So yes it is correct to call a totalitarian social-democracy "communist" because that is the label most of them choose for themselves. The US actually favors "communists" and dictators as long as they are friendly. Because of the concentrated power, it is easier to bribe/coerce the leadership. True democracies are much harder to influence as you need to get the favor of a majority of the voters.


Imagine Google has lists of every domain you hit on the internet... That doesn't make me that much more comfortable.


The only real, and maybe now it's up to debate, but they have the results (equal for #1 in medicine and education according to the UN's HDI) communist country that ever was is Cuba. Imagine how much more wealthy they would be if the US stopped the childish embargo against them.

Venezuela is far from being a communist country though, that was what I was saying here. It's like people calling Russia communist since the anti-Russia rhetoric restarted a couple of years ago. People who claim such have no understanding of political systems or are just dumb and maybe paid trolls.


Cuba was a "Marxist" dictatorship modeled after the USSR. Like the USSR and Red China it uses the label Communism and claims to be Marxist. I suggest you read up on genuine marxism as the terms have been hijacked and reality bears no relation to Marx's politics or communal living in general. Cuba is a Social-Democracy that is run by a single party which maintained a President-for-Life. In other words an effective dictatorship.


Well, my ISP, Frontier, seems to think that I would like invalid domain lookups to be redirected to their search page with all of their ads on it. I disagree. Also, 8.8.8.8 and 8.8.4.4 seem to be much faster than whatever default server that the router they gave me uses.